diff --git a/app/controllers/draft_controller.rb b/app/controllers/draft_controller.rb
index d3cc2b731da..22cedd38366 100644
--- a/app/controllers/draft_controller.rb
+++ b/app/controllers/draft_controller.rb
@@ -51,7 +51,13 @@ class DraftController < ApplicationController
 
     json = success_json.merge(draft_sequence: sequence)
 
-    if data = JSON::parse(params[:data])
+    begin
+      data = JSON::parse(params[:data])
+    rescue JSON::ParserError
+      raise Discourse::InvalidParameters.new(:data)
+    end
+
+    if data.present?
       # this is a bit of a kludge we need to remove (all the parsing) too many special cases here
       # we need to catch action edit and action editSharedDraft
       if data["postId"].present? && data["originalText"].present? && data["action"].to_s.start_with?("edit")